
Problems with site2site V5<->V7

Hi there,

I have a problem with a VPN between V5 and V7. The networks on the other side are both reachable from a client behind his ASG, but not from the V5-firewall itself.

10.0.16.0/24 [Client-Network] <> 10.0.16.1 [ASG_V7] <> IPSec (internet) <> 10.0.17.1 [ASG_V5] <> 10.0.17.0/24 [Client-Network]

From 10.0.16.0/24 every host on 10.0.17.0/24 is reachable and the other way round. Also from the V7-firewall every host on 10.0.17.0 is reachable, BUT from the V5-firewall nothing is reachable on the 10.0.16.0 network. The V5-firewall uses the internet-adapter as default-gateway instead of the ipsec-adapter. By the way, I have a second VPN, also between V5 and V7, with the same problems.

V5-routes and ping (not working firewall):
fwV5:/home/login # route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
217.0.***.***   *               255.255.255.255 UH    0      0        0 ppp0
10.0.16.0       *               255.255.255.0   U     0      0        0 ipsec0
10.0.18.0       *               255.255.255.0   U     0      0        0 ipsec0
10.0.17.0       *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         217.0.***.***   0.0.0.0         UG    0      0        0 ppp0

fwV5:/home/login # ping 10.0.16.1
PING 10.0.16.1 (10.0.16.1) from 84.135.***.*** : 56(84) bytes of data.

--- 10.0.16.1 ping statistics ---
9 packets transmitted, 0 received, 100% loss, time 8043ms


V7-routes and ping (working firewall):
fwV7:/home/login # route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         217.0.***.***   0.0.0.0         UG    0      0        0 ppp0
10.0.16.0       *               255.255.255.0   U     0      0        0 eth0
10.0.17.0       *               255.255.255.0   U     0      0        0 ipsec0
10.0.18.0       *               255.255.255.0   U     0      0        0 ipsec0
217.0.***.***   *               255.255.255.255 UH    0      0        0 ppp0
217.0.***.***   *               255.255.255.255 UH    0      0        0 ipsec0

fwV7:/home/login # ping 10.0.17.1
PING 10.0.17.1 (10.0.17.1) 56(84) bytes of data.
64 bytes from 10.0.17.1: icmp_seq=1 ttl=64 time=122 ms
64 bytes from 10.0.17.1: icmp_seq=2 ttl=64 time=122 ms

--- 10.0.17.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 122.676/122.825/122.975/0.381 ms


Does anyone know why the V5-firewall routes all traffic coming from a client correctly but not the connections opened on the firewall itself?

